Blog

/Blog/

Week 10 In Review – 2016

Events Related BSides San Francisco 2016 Videos - www.irongeek.com These are the videos from the BSides San Francisco conference. BSides Indy 2016 Videos - www.irongeek.com These are the videos from the BSides Indy conference. Tools HTCAP - www.htcap.org htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls [...]

Week 9 In Review – 2016

Resources USB HID/Fingerprint Reader that enters password if Fingerprint is correct - www.reddit.com CCDC Quals Notes (metasploit) - carnal0wnage.attackresearch.com Some quick notes for interesting stuff to keep for CCDC Quals/Notes Tools EZ-Wave - github.com Tools for Evaluating and Exploiting Z-Wave Networks using Software-Defined Radios. firmadyne - github.com FIRMADYNE is an automated and scalable system for [...]

Week 8 In Review – 2016

Events Related BSidesCapeTown 2015 - www.youtube.com Resources Ray Sharp CCTV DVR Password Retrieval & Remote Root - community.rapid7.com On January 22, 2013, a researcher going by the name someLuser detailed a number of security flaws in the Ray Sharp DVR platform. These DVRs are often used for closed-circuit TV (CCTV) systems and security cameras. Comodo: Comodo [...]

Week 7 In Review – 2016

Events Related BSidesNYC2016 - github.com Resources mediatek mt6261 rom dumping via the vibration motor - www.sodnpoo.com McAfee SiteList.xml password decryption - funoverip.net Recently, a very good friend of mine pointed me out the story of a pentester who recovered the encrypted passwords from a McAfee SiteList.xml file, using Responder. Brute-forcing Microsoft Lync via NTLM - www.hackwhackandsmack.com [...]

Week 6 In Review – 2016

Events Related Shmoocon 2016 - archive.org ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. BSides Huntsville 2016 Videos - www.irongeek.com These are the videos from the BSides Huntsville conference. Recon 2015 - [...]

Week 5 In Review – 2016

Resources Hot or Not? The Benefits and Risks of IoS Remote Hot Patching - www.fireeye.com In this series of articles, FireEye mobile security researchers examine the security risks of iOS apps that employ these alternate solutions for hot patching, and seek to prevent unintended security compromises in the iOS app ecosystem. Moving to a Plugin-Free [...]

Week 4 In Review – 2016

Events Related ShmooCon: LastPass design elements create perfect Phishing opportunity - www.csoonline.com Cassidy’s presentation at ShmooCon on Saturday morning outlined a clever Phishing attack against LastPass users, which is made possible due to design elements within the password manager’s core functions. BSides Conference BSides Columbus 2016 Videos - www.irongeek.com BSidesNYC2016 – github.com Tools dnstwist - [...]

Week 3 In Review – 2016

Events Related ShmooCon ShmooCon Firetalks 2016 - www.irongeek.com ShmooCon Pres - www.gitbook.com Tools TrendMicro node.js HTTP server listening on localhost can execute commands - www.trendmicro.com Trend Micro™ Password Manager software manages all your website login IDs (user names and passwords) in one secure location, so you only need to remember one password. Techniques SSH Backdoor for [...]